Memory Mesh Core
Pass
Audited by VirusTotal on May 12, 2026.
Findings (1)
The skill is classified as suspicious due to critical prompt/shell injection vulnerabilities. The `scripts/ensure_openclaw_cron.py` and `scripts/post_global_comment_via_openclaw.py` scripts directly interpolate user-controlled arguments (e.g., `--issue-url`, `--skill-url`) into the `message` argument of `openclaw cron add/edit` commands without proper sanitization. This allows an attacker to inject arbitrary commands or malicious prompts into the scheduled tasks, leading to potential Remote Code Execution (RCE) by the OpenClaw agent. While the skill includes positive security features like secret/PII detection and output sanitization, this injection flaw represents a severe vulnerability.
